2019-9-23: Penetration testing basics: notes on HTTP protocol packets, HTML and CSS

Burp Suite function modules
Dashboard: scanning
Proxy: intercepts packets, acting as a proxy
Drop: discards the intercepted packet
Intruder: brute forcing
Decoder: encoding and decoding
Repeater: replaying requests
Comparer: comparing

In Burp (BP), under the Proxy options, to intercept response packets tick "Intercept responses based on the following rules":
Intercept Client Requests: intercepts requests
Intercept Client Responses: intercepts responses

HTTP protocol basics
HTTP features:
Simple and quick: request methods are GET, POST, HEAD, etc.
Connectionless and stateless: the connection is closed once the request is finished
Supports the B/S and C/S models
Composition of a URL: protocol://domain name:port/virtual directory/file name?parameters#anchor

Comparison of GET and POST requests
Similarities:
1. Both GET and POST can create an array containing key-value pairs (key=value), where the key is the name of the form control and the value is the data entered by the user
2. GET and POST data are available as $_GET and $_POST, which are superglobals
Differences:
1. GET appends the data sent by the user to the URL; the amount of data that can be sent is small and limited, and it is insecure
2. POST places the parameters in the request data of the request packet; a tool must be used to view them, a large amount of data can be sent, and security is higher

Request packet: request = request line + request headers + blank line + request data
Meaning of each request header in the request packet:
Host: the IP of the server being requested
User-Agent: the user's local system and browser environment
Accept: the application types the browser can parse
Accept-Language: the language types the browser can parse
Accept-Encoding: the encodings the browser can parse
Referer: the page the request came from
Cookie: the session state between the server and the browser. The session state can indicate whether the user is logged in. It is usually configured on the server and is time-limited; once it expires, the user has to log in again and gets a new cookie value. After a successful login the browser saves the cookie and sends it to the server with every request, and the server verifies the cookie
X-Forwarded-For: the user's real IP
Content-Type: the type of the request data
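
An added example (not part of the original notes): it splits a raw request, as seen in Burp's Proxy, into request line, headers, blank line and request data, and reports whether the form parameters travelled in the URL (GET) or in the request data (POST). The host, path and values are constructed samples, and parse_request and form_parameters are hypothetical helper names.

```python
from urllib.parse import urlsplit, parse_qsl

def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 request into request line, headers and data."""
    head, _, body = raw.partition(b"\r\n\r\n")  # the blank line ends the headers
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}

def form_parameters(req: dict) -> dict:
    """Return the key=value pairs and where they travelled: URL or request data."""
    url_params = parse_qsl(urlsplit(req["target"]).query, keep_blank_values=True)
    body_params = []
    ctype = req["headers"].get("content-type", "")
    if ctype.split(";")[0].strip().lower() == "application/x-www-form-urlencoded":
        body_params = parse_qsl(req["body"].decode("iso-8859-1"),
                                keep_blank_values=True)
    return {"url": dict(url_params), "body": dict(body_params)}

# Constructed sample requests (hypothetical host, path and values).
GET_REQUEST = (b"GET /login.php?user=alice&pass=s3cret HTTP/1.1\r\n"
               b"Host: 192.0.2.10\r\n"
               b"User-Agent: Mozilla/5.0\r\n"
               b"Cookie: PHPSESSID=abc123\r\n"
               b"\r\n")
POST_REQUEST = (b"POST /login.php HTTP/1.1\r\n"
                b"Host: 192.0.2.10\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\n"
                b"Content-Length: 22\r\n"
                b"\r\n"
                b"user=alice&pass=s3cret")

if __name__ == "__main__":
    for raw in (GET_REQUEST, POST_REQUEST):
        req = parse_request(raw)
        print(req["method"], req["target"], form_parameters(req))
```

In both cases the values are plain text to anything that sees the request, such as an intercepting proxy; with GET they also end up wherever the URL is recorded.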

Response packet (Response)
When the user's request packet arrives at the server, the server processes the request and, after processing, sends the result back to the user's browser as a response packet
Response packet = status line + response headers + blank line + response body (also called the response content)

Status codes are classified by their three digits:
The first digit indicates the type of response; there are five types in total
1xx: the server has received the request and needs to continue processing
2xx: the server has successfully received and processed the request
3xx: redirection; jump to another URL to make the request
4xx: there is a problem with the client's request
5xx: internal server-side error
Common status codes: 200, 302, 304, 400, 403, 404, 500 (look them up for self-study)
200: the request succeeded; the response headers or data the request wanted are returned with the response
203: the server has successfully processed the request, but the returned entity-header meta information is not the definitive set from the origin server; it comes from a local or third-party copy
302: the requested resource temporarily responds from a different URL; because the redirection is temporary, the client should continue to send future requests to the original address
304: the client sent a conditional GET request and the request was allowed, but the content of the document has not changed
400: semantic error; the current request cannot be understood by the server, or the request parameters are wrong
401: the current request requires user authentication; the response must include a WWW-Authenticate header applicable to the requested resource, asking the user for information
403: the server has understood the request but refuses to execute it; unlike 401, authentication does not help, and the request should not be submitted again
404: the request failed; the requested resource was not found on the server
500: the server encountered an unexpected condition that prevented it from completing the request; this usually occurs when the server's program code has an error

Response header definitions:
Date: response time
Server: server environment
Content-Length: length of the response packet
Connection: the connection state
Content-Type: type of the returned response data; tells the browser how to parse or open the response content
Location: the page to jump to
Set-Cookie: the cookie value the server sets in the browser
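
An added example (not part of the original notes): it splits a raw response into status line, headers and body, classifies the status code by its first digit, and reads off the Location, Set-Cookie and Content-Length headers described above. The sample responses are constructed, and parse_response and summarize are hypothetical helper names.

```python
STATUS_CLASSES = {"1": "informational", "2": "success", "3": "redirection",
                  "4": "client error", "5": "server error"}

def parse_response(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 response into status line, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")  # the blank line ends the headers
    lines = head.decode("iso-8859-1").split("\r\n")
    version, code, *reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        # Keep a list per name: Set-Cookie may appear more than once.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return {"version": version, "code": int(code),
            "reason": reason[0] if reason else "", "headers": headers, "body": body}

def summarize(resp: dict) -> list:
    """Notes a tester would read off a response in the proxy history."""
    code, headers = resp["code"], resp["headers"]
    notes = [f"{code}: {STATUS_CLASSES.get(str(code)[0], 'unknown')}"]
    if code // 100 == 3 and "location" in headers:
        notes.append("jumps to " + headers["location"][0])
    if code == 401 and "www-authenticate" not in headers:
        notes.append("401 without WWW-Authenticate header")
    for cookie in headers.get("set-cookie", []):
        notes.append("sets cookie " + cookie.split("=", 1)[0])
    declared = headers.get("content-length")
    if declared and int(declared[0]) != len(resp["body"]):
        notes.append("content-length does not match body length")
    return notes

# Constructed sample responses (hypothetical paths and cookie values).
REDIRECT = (b"HTTP/1.1 302 Found\r\n"
            b"Location: /index.php\r\n"
            b"Set-Cookie: PHPSESSID=abc123; HttpOnly\r\n"
            b"Content-Length: 0\r\n"
            b"\r\n")
SERVER_ERROR = (b"HTTP/1.1 500 Internal Server Error\r\n"
                b"Content-Type: text/plain\r\n"
                b"Content-Length: 14\r\n"
                b"\r\n"
                b"Internal error")

if __name__ == "__main__":
    for raw in (REDIRECT, SERVER_ERROR):
        print(summarize(parse_response(raw)))
```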

Firefox plug-in tools: press F12 to open Firebug
<form action="xx"></form>: a form; action indicates where to submit to, and an empty value means submitting to the page itself

HTML element classification: block-level elements and inline elements
Block-level elements: the element starts on a new line and occupies its own line; tags such as <h1>, <p>, <table>
Inline elements: do not start a new line when displayed; the contents of tags such as <a>, <img>, <td> are placed next to each other

HTML layout: when designing a web page, consider whether the appearance concerns a local part or the overall layout of the page
<div>: block-level element, used to group other elements, which makes it convenient to set styles or attributes for them together

HTML events: some actions need to be triggered when something happens, and that requires event support

CSS (Cascading Style Sheets) determines how page elements are displayed
Ways to include CSS:
External file (external link): include an external CSS document with the <link> tag, or use @import inside the <style> tag in <head>
Inline style: write the style directly on the current HTML element's tag in the style="" attribute
Embedded style: write the styles in the <head>

CSS priority: inline style > embedded style > external link

Content you do not need but do not want to delete can be commented out with /* content */

CSS syntax:
selector {property1: value1; property2: value2;}

Selectors:
Built-in
1. Tag name: affects every tag of the same type, so all such tags get this style; example: div {color: red;}
2. ID selector; example: <div id="xxx">, CSS: #xxx {color: red;}
3. Class: can be used on different elements; example: <h1 class="class"> <p class="class">, CSS: .class {color: red;}; to style only the p tag, write p.class {color: red;}

File import
4. link: create an xx.css file, then in the HTML file's <head> tag use <link rel="stylesheet" type="text/css" href="css/xx.css">
5. @import: requires an xx.css file; inside the <style> tag in the HTML file's <head>, write @import url(css/xx.css);

Common style properties:
Background: background-color (background color), background-image (background image)
Font: color (font color), font-size (font size), text-align (alignment), text-indent (indent)
Box model: margin (outer margin), border (border), padding (inner padding), content (data content)

Origin www.cnblogs.com/sym945/p/11573954.html